Custom Plugins

Disclaimer

Custom or third-party plugins described here are not part of the official SpamAssassin distribution. They may have a different license and are not from the Apache Software Foundation.

Please add links to third-party SA plugins to the bottom of this page. Note that only SpamAssassin 3.0.0 or later can use these. To use these, just place the file(s) in your SpamAssassin plugin directory, which may be /usr/share/perl5/Mail/SpamAssassin/Plugin/ (if you use spamd, be sure to restart); SpamAssassin will need at least 1 rule file (ending in .cf) to load the plugin, and that will typically use a loadplugin line to load a .pm file containing the plugin's perl code.

You can also keep the plugin's .pm file in your /etc/mail/spamassassin/ or /etc/spamassassin/ directory, but you need to specify the plugin's file name as the second argument to loadplugin. For example, a plugin named Mail::SpamAssassin::Plugin::MyPlugin with a filename of myplugin.pm: loadplugin Mail::SpamAssassin::Plugin::MyPlugin myplugin.pm

Read any extra info available with the plugins, including the comments in the .cf files, or the POD documentation in the .pm file.

Check to make sure that the default scores fit your installation. You might want to modify scores.

Make sure to --lint the rules after loading them.

Test the new plugin. Keep an eye on hits from the new rules to determine if the scoring is right for you.

Use at your own risk.

Status Information

Active: Plugin is actively updated and maintained Locked: Plugin is not actively updated, but is fine to run and considered "stable" Defunct: Plugin is no longer maintained, may be out of date or have problems Please respect the wishes of the authors and/or the site hosts.

Unmaintained Plugins

Plugins without a recent "Maintained as of:" date have been moved to UnmaintainedCustomPlugins. If you own one, or have confirmed that it is currently usable, feel free to move it back here and update that field.

BotnetBotnet looks for possible botnet sources of email by checking various DNS values that indicate things such as other ISP's clients or workstations, or misconfigured DNS settings that are more likely to happen with client or workstation addresses than servers. Mirrored for educational purposes with applied patches, as it seems abandonded and nowhere to be found. No other changes are done. As the plugin has some interesting idea's there might be a (partial) rewrite in the future. Original Author: John Rudd Maintainer: Thijs Eilander Contact: via github License Type: GNU General Public License Status: Inactive but works fine on 3.4.1 Maintained as of: 2014-11-19 Added: 2015-05-14 Available at: https://github.com/eilandert/Botnet.pm

Mail::SpamAssassin::Plugin::DecodeShortURLsDecodes shortened URLs via HTTP HEAD request to the shortening service and adds the decoded URL into the list of URIs extracted by SpamAssassin for other plugins to find (e.g. URIDNSBL). Created by: Steve Freegard Contact: steve.freegard -at- fsl.com License Type: Apache Status: Active Maintained as of: 2013-03-13 Added: 2010-09-17 Available at: https://github.com/smfreegard/DecodeShortURLs

DSPAMWhen using dspam in conjuction with SpamAssassin and amavisd-new, amavisd-new automatically has dspam calculate the probabability of a message being HAM/SPAM and then insert headers. If you have SA installed, the dspam information goes to waste. That is unless you take advantage of this plugin.Created by: Eric Lubow Contact: eric -at- lubow -dot- org License Type: Same as SpamAssassinStatus: active Maintained as of: 2011-03-21 Added: 2006-12-08 Available at: http://eric.lubow.org/projects/dspam-spamassassin-plugin/Note: Using dspam's results, this module adds a tag/token to the message that SA picks up and based on the score you assign it in the ruleset configuration file, it adds/subtracts that score. Read the homepage link for more information.

Mail::SpamAssassin::Plugin::SaveHitsStores a copy of a message in a dated directory when specific rules are hit and then creates a dated directory for each rule that is hit and creates a symlink to the message file allowing you to quickly find messages on a given date hitting a specific rule. Useful for developing and testing new rules.Created by: Steve Freegard Contact: steve.freegard -at- fsl.com License Type: Apache Status: Active Maintained as of: 2011-03-21 Added: 2009-08-03 Available at: https://github.com/smfreegard/SaveHits

Mail::SpamAssassin::Plugin::LDAPfilterMail::SpamAssassin::Plugin::LDAPfilter provides LDAP-based blacklist and whitelist filtering capabilities to SpamAssassin 3.x installs. Standard elements from the SMTP session and the RFC822 message are parsed out and searches are submitted to an LDAP server, and scorable responses are returend for any matches. For example, if a message contains a parseable domain name, the domain name will be used as a search key against the LDAP filters, and if a match is found the plugin will return a scorable marker, which could either be positive (blacklist) or negative (whitelist).Created by: Eric A. HallContact: ehall@ntrg.comLicense Type: Same as SpamAssassinStatus: ongoing maintenance, some developmentMaintained as of: 2011-01-01Added: 2005-05-24 Available at: http://www.eric-a-hall.com/software/spamassassin-ldapfilter/

SAGreySAGrey is a two-phased greylist tool for use inside spamassassin. It first looks to see if the score of the current message exceeds the current "spam" threshold value, and if so then it looks to see if the message sender's email and IP address tuple are already known to the auto-whitelist (AWL) repository. If the message exceeds the spam score and the sender is unknown to spamassassin, SAGrey assumes that this is one-time spam from a throwaway or zombie account, and fires accordingly.This is badly named, as it does not actually do greylisting.Created by: Eric A. HallContact: eric.hall@gmail.comLicense Type: Same as SpamAssassinStatus: ongoing maintenance, some developmentMaintained as of: 2011-01-01Added: 2005-08-21 Available at: http://www.eric-a-hall.com/software/spamassassin-sagrey/

Commercial Plugins

Commtouch Plug-in for SpamAssassinCommtouch offers a SpamAssassin plug-in for its Anti-Spam and Zero-Hour Virus Outbreak Protection technologies. Messages are passed to the Commtouch engine and the results are converted into SpamAssassin scores. Embedding the Commtouch technology allows existing SpamAssassin systems to simultaneously increase accuracy and decrease the amount of resources required for maintenance, with an easy and fast integration effort. Commtouch SA-Plugin --- The Commtouch Plug-In is a quick, easy way to inoculate SpamAssassin-protected mail servers against zero-hour threats, and to beef up detection against zombie- or botnet-generated spam. Created by: Commtouch Software Ltd. Contact: Gabriel.Mizrahi at Commtouch dot com License Type: Commercial annual subscription Status: Active Maintained as of: 2011-03-23 Added: 2008-09-09 Available at: http://www.commtouch.com/Site/Products/SpamAssassin.asp

PhishPatrolTM by Wombat Security Technologies, Inc.PhishPatrolTM is a dedicated Anti-Phishing email Plug-in that will significantly boost the performance of your SpamAssassin installation, enabling you to catch many of the spear-phishing emails and zero-hour phishing emails that would otherwise go undetected. PhishPatrolTM is the product of years of research at the world-renowned School of Computer Science at Carnegie Mellon University. It relies on proprietary machine learning techniques and a proprietary set of features to complement your existing anti-spam/anti-virus installation. PhishPatrolTM is backed by a dedicated team of researchers working relentlessly to ensure that their filter keeps up with the latest threats. As a SpamAssassin plug-in, PhishPatrolTM integrates seamlessly with your existing installation of SpamAssassin. For additional information, contact info@wombatsecurity.com. Created by: Wombat Security Technologies, Inc. Contact: sales -at- wombatsecurity -dot- com License type: Commercial annual subscription Status: Active Maintained as of: 2011-04-01 Added: 2008-10-20 Available at: http://wombatsecurity.com